EEA Gateway Service Agreement
This GATEWAY SERVICES AGREEMENT (the “Agreement”), dated as of the [-], is made by and between:
1. PAYCOMCY LIMITED, a limited liability company duly incorporated under the laws of the Republic of Cyprus, with registered office at Andrea Chaliou 1, 1st floor, Egkomi, 2408, Nicosia, Cyprus, with registration number HE 408974 (the "Service Provider")
2. [-], a limited liability company duly incorporated under the laws of [-], with registered office at [-], with registration number [-] (the “Merchant”)
The Merchant and Service Provider are hereinafter collectively called the “Parties”.
A. The Service Provider is in the business of providing payment services.
B. The Merchant agrees to obtain and the Service Provider agrees to provide the Services on the terms set out in this Agreement.
1. DEFINITIONS AND INTERPRETATION
Alternative Payment Method shall mean a way of paying for goods or services which are not made via cash or Card Scheme, including but not limited to prepaid cards, mobile payments, e-wallets, bank transfers and cash-based vouchers.
AoC shall mean attestation of compliance
API shall mean application programming interface.
API License shall mean the license granted in accordance with clause 14 in connection to API only.
Beneficial Owner shall have the meaning given to it in accordance with the Prevention and Suppression of Money Laundering Activities Law of Cyprus, Law 188(I)/2007, as amended from time to time.
Card Data shall mean the Cardholder’s card number, expiration data and CVV2
Card Scheme shall mean Visa, Mastercard, American Express, Diners / Discover and any other card scheme with which the Service Provider collaborates, the list of which will be sent to the Merchant from time to time during the term of this Agreement.
Cardholder shall mean a legal entity or an individual who is a client and/or a consumer of the Merchant, intending to pay the Merchant for their goods and/or services, using a PM, where the service and/or technology used by the Merchant to accept such payment, are offered by the Service Provider to the Merchant.
Change of Control shall mean the occurrence if any of the directors or shareholders of the Merchant ceases to be a director or shareholder in the Merchant.
Commencement Date shall mean the [-]
Confidential Information shall have the meaning given in clause 11.2.
Controller, Processor, Data Subject, Personal Data, Personal Data Breach, processing and appropriate technical and organisational measures shall, for the purposes of clause 13, have the meaning given to them in the Data Protection Legislation.
Cyprus Data Protection Legislation shall mean, for the purposes of clause 13, all applicable data protection and privacy legislation in force from time to time in the Republic of Cyprus including the Law providing for the Protection of Natural Persons with regard to the Processing of Personal Data and for the Free Movement of such Data of 2018 (Law 125(I)/2018) (the “Data Protection Law 125(I)/2018”), which effectively implements the General Data Protection Regulation ((EU) 2016/679) and the Electronic Communications and Postal Services Law 112(I)/2004 as amended.
Domestic Cyprus Law shall mean, for the purposes of clause 13, the Cyprus Data Protection Legislation and any other law that applies in Cyprus.
Data Protection Legislation shall mean, for the purposes of clause 13, the Cyprus Data Protection Legislation, the European Union Data Protection Legislation and any other European Union legislation relating to personal data and all other legislation and regulatory requirements in force from time to time which apply to a party relating to the use of Personal Data (including, without limitation, the privacy of electronic communications) and the guidance and codes of practice issued by the Cyprus data protection or supervisory authority and applicable to a party.
European Union Data Protection Legislation shall mean, for the purposes of clause 13, all applicable data protection and privacy legislation in force from time to time in the European Union including the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the Protection of Natural Persons with regard to the processing of Personal Data and on the Free Movement of such data, and repealing Directive 95/46/EC (the “General Data Protection Regulation”) and the Privacy and Electronic Communications Directive 2002/58/EC (as updated by Directive 2009/136/EC).
Force Majeure Event shall mean any circumstance not within a Party's reasonable control including, without limitation:
a. acts of God, flood, drought, earthquake or other natural disaster;
b. epidemic or pandemic;
c. terrorist attack, civil war, civil commotion or riots, war, threat of or preparation for war, armed conflict, imposition of sanctions, embargo, or breaking off of diplomatic relations;
d. nuclear, chemical or biological contamination or sonic boom;
e. any law or any action taken by a government or public authority, including without limitation imposing an export or import restriction, quota or prohibition;
f. collapse of buildings, fire, explosion or accident;
g. any labour or trade dispute, strikes, industrial action or lockouts;
h. interruption or failure of utility service.
Gateway shall mean the gateway the Service Provider offers to the Merchant as per the Services.
Group shall mean in relation to a company, that company, any Subsidiary or any Holding company from time to time of that company, and any Subsidiary from time to time of a Holding company of that company. Each company in a Group is a member of the Group.
Holding company shall mean in relation to a company (a “Subsidiary”), any company which for the time being, directly or indirectly, holds or controls either:
a. a majority of the voting rights exercisable at shareholder meetings of the subsidiary company; or
b. the right to appoint or remove a majority of its board of directors of the subsidiary company.
Merchant Reserve Account shall mean the account which may be established by the respective Operator at any time for the purpose of enabling the said Operator to recover any and all moneys which may become due or be owed by the Merchant pursuant to the Processing Agreement.
Online Portal shall have the meaning given to it in clause 5.7.
Operator shall mean legal entity authorized to process payment transaction, Alternative Payment Methods, and/or any other form and means of payment. This may include any merchant acquirer, payment service provider, Card Scheme, Alternative Payment Methods network and / or association, or the Service Provider as long as it is authorized by the relevant authorities to process payments on behalf of the Merchant.
PCI DSS shall mean Payment Card Industry Data Security Standards
PM shall mean the way that the customers of the Merchant pay for a product or service and includes but is not limited to a card issued by a bank and/or any other authorized entity by a Card Scheme, and/or any other form and means of payment (including but not limited to a mobile device, card number, token), and/or any account details issued by any Alternative Payment Method.
Processing Agreement shall mean the agreement between the Operator and the Merchant in connection to the processing of the Transactions.
Representatives shall mean in relation to each party and any member of its Group:
a. its officers and employees;
b. its Beneficial Owners
c. its professional advisers or consultants who are engaged to advise that party and/or any member of its Group in connection with the purpose of this Agreement;
d. its contractors and sub-contractors engaged by that party and/or any member of its Group in connection with the purpose of this Agreement.
Services shall mean the provision of a payment gateway operated by the Service Provider, which includes, but is not limited to, real-time, secure data transmission and processing for multiple PM.
Software shall mean the object code version of the software, as updated from time to time, which enables the Service Provider for the provision of the Services to the Merchant.
Term Period shall have the meaning given in clause 6.1.
Transaction shall mean information related to the purchase of goods and services from the Merchant by a third party. Specifically, a Transaction is an authorization, delayed capture, sale, void, voice authorization, inquiry, verification, reference transaction, non-reference credit, or credit data transmission between the Service Provider and its back-end processors.
2. clause, Schedule and paragraph headings shall not affect the interpretation of this Agreement.
3. A person includes a natural person, corporate or unincorporated body (whether or not having separate legal personality).
4. The Schedules form part of this Agreement and shall have effect as if set out in full in the body of this Agreement. Any reference to this Agreement includes the Schedules.
5. A reference to a company shall include any company, corporation or other body corporate, wherever and however incorporated or established.
6. Unless the context otherwise requires, words in the singular shall include the plural, and in the plural shall include the singular.
7. Unless the context otherwise requires, a reference to one gender shall include a reference to the other genders.
8. Any obligation on a party not to do something includes an obligation not to allow that thing to be done.
9. A reference to this Agreement or to any other agreement or document referred to in this Agreement is a reference of this Agreement or such other agreement or document, in each case as varied from time to time.
10. References to clauses and Schedules are to the clauses and Schedules of this Agreement and references to paragraphs are to paragraphs of the relevant Schedule.
11. Any words following the terms including, include, in particular, for example or any similar expression shall be construed as illustrative and shall not limit the sense of the words, description, definition, phrase or term preceding those terms.
1. In consideration for the provision of the Services by the Service Provider, the Merchant agrees and is bound by the following:
a. To enter into a contract with the Operator designated by the Service Provider from time to time, meaning that he shall terminate with such Operator and engage with another Operator for the processing of Transactions (including the Service Provider itself) whenever so directed by the Service Provider. For avoidance of any doubt, the Service Provider will for no reason be held liable to pay any damages arising directly or indirectly by the Processing Agreement and/or its termination, despite if such termination is made based on the directions of the Service Provider as per this Agreement.
b. To pay the fees stipulated in Schedule 1. Such fees shall be waived in case that:
i.The Agreement is not terminated by the Service Provider in accordance with clauses 6.3 and 6.4; or
ii.The Merchant does not terminate this Agreement before the end of each Term Period.
2. It should be acknowledged by both Parties that in case that the fees stipulated in clause 2.1.(b) are not waived, they should be payable only for the specific Term Period that the termination as per clause 2.1.(b)occurred and that the calculation of the fees payable shall be made as follows:
· For fees which are payable monthly: the fees starting from the first day of the Term Period that the termination as per clause 2.1.(b) occurred until the date of the termination of the Agreement, on a pro rata basis if the first or last month is not full .
· For the fees which are payable one off: such fees are payable in full for the first Term Period that the termination as per clause 2.1.(b) occurred and in connection solely to the introduction fee stipulated in Schedule 1, such fees such be payable for the Term Period that the Operator may change, either with or without the direction of the Service Provider.
· For the fees which are payable per Transaction: the fees calculated based on the Transactions which were made after the first day of the Term Period that the termination as per clause 2.1.(b) occurred until the date of the termination of the Agreement.
3. It is further agreed by the Parties, without prejudice to any other rights of the Service Provider as per this Agreement and/or any applicable legislation, that the Service Provider shall have the right to set off any amounts held by it or the respective Operator for and on behalf of the Merchant against any amounts owed to the Card Schemes and/or any administrative or regulatory authority, in case that such amount is charged directly to the Service Provider.
3. SERVICE PROVIDER’S RIGHTS AND OBLIGATIONS
1. The Service Provider shall, during the term of this Agreement:
a. provide and hereby grants a non-exclusive right to use the Services during the term of this Agreement, in accordance with the terms and conditions of this Agreement and subject to the restrictions contained in this Agreement and/or any other restrictions communicated to the Merchant in the future by either the Service Provider or the Operator it has a Processing Agreement with.
b. perform its obligations under this Agreement exercising all reasonable skill and care expected of any experienced professional provider of a payment gateway.
c. provide technical support services in connection to the Gateway in the manner described in clause 5.10.
2. The Service Provider shall be responsible only for providing data transmission to effect or direct certain payment authorisations for the Merchant and is not responsible for the results of any credit inquiry, the operation of web sites of internet service providers financial institutions, the Operators, the availability or performance of the internet, or for any damages or costs the Merchant suffers or incurs as a result of any instructions given, actions taken or omissions made by the Merchant, the Operator it signed a Processing Agreement with, its financial institution, or any internet service provider.
3. It is an acknowledgement by the Merchant in which it agrees that Service Provider acts solely as such and that:
a. under no circumstances will be acting as a seller, buyer, dealer, middleman, retailer, auctioneer, supplier, distributor, manufacturer, broker, agent and the like or a merchant of the Merchants products and services and;
b. no surety as to the quality, safety or legality of any Merchant’s, goods and service is hereby represented or warranted.
4. The Service Provider, during the performance of the Services shall be presenting data and information collected from the Merchant and makes no representations and warranties regarding the availability, accuracy, timeliness or completeness of such data and information or any output or results of the Services offered based in whole or in part on such data and information. The Merchant shall be solely responsible for the accuracy and completeness of the data it supplies.
5. The Service Provider may change the method of access to the Gateway from time to time, for purposes of maintaining a secure and stable environment or for any other reason it deems fit.
6. The Service Provider may, in the event of degradation or instability of the Gateway or an emergency, temporarily suspend the Merchant’s access to the Gateway and any Alternative Payment Method in order to minimise threats, load and to protect the operational stability and security of the Gateway.
7. The Service Provider does not guarantee the security of the Gateway or Transaction data and shall not be responsible in the event of any infiltration of its security systems if it has used commercially reasonable efforts to prevent any such infiltration.
8. It is to be acknowledged and agreed that any dispute regarding any Merchant's product and service is between a sender and receiver of funds and the supplier and receiver of products or services. Only the Merchant shall be obligated for issues related to the PM connected with the Merchant's goods and services. No involvement of the Service Provider as a party to any dispute, including but not limited to disputes over performance and liability issues relating to, inter alia, the delivery, quality, quantity and use of the Merchant’s goods and services. In case that the Service Provider suffers or incurs any losses or liability (including full reimbursement of any legal and professional costs) as a result of or in connection with, any claim made or threatened by a third party relating to any merchant's product and/or service, the Merchant shall fully indemnify the Service Provider accordingly.
9. The Merchant understands that the suspension or limitation of the provision of the PM is an entitled right of the Operator and the Merchant may, at any given time, request to the Service Provider to change an Operator without breaching the Agreement and it is in the discretion of the Service Provider as to whether to accept or not.
4. MERCHANT OBLIGATIONS
1. The Merchant shall, during the term of this Agreement:
a. meet and follow all the requirements and conditions for the acceptance of PM as regards to the Merchant’s goods or services, as communicated to it from time to time by the Service Provider and as set forth by the Processing Agreement and/or otherwise communicated to such Merchant by the Operator with whom it entered into a Processing Agreement.
b. comply with all rules, regulations and requirements by both the Service Provider and the Operator with whom it entered into a Processing Agreement from time to time in connection to the Services as well as the services contemplated in the Processing Agreement.
c. Comply with all the Service Provider’s the respective Card Scheme’s, the respective Alternative Payment Method’s and the respective Operator’s policies, procedure and guidelines disclosed to the Merchant from time to time. For avoidance of any doubt, the Service Provider reserves the right to amend, modify or change its policies, procedures, and guidelines and/or to provide amended, modified and changed policies of the Operator to the Merchant.
d. Comply with all applicable laws applicable at the country that it offers its goods, governing, inter alia, privacy, consumer, distant sales contracts as well as all and other laws and regulations with respect to the dealings with the users of its website and while using the Services.
e. always hold all necessary licenses required from time to time for it to operate its business and be qualified to exercise its business in the areas it exercises it.
f. proceed with all the updates and/or any other patches available in connection to the Software from time to time
g. keep all the information requested on the website and/or the Software of the Service Provider updated immediately after the information included therein is not accurate and/or is false, untrue, inaccurate, incomplete and/or misleading.
h. not submit a Transaction on behalf or for the benefit of any other party. The Services are restricted only to the Merchant.
i. not submit a Transaction, which the Merchant knows or should have known are fraudulent or non-authorized by the Cardholder or have been authorized by the Cardholder in collision with the Merchant for fraudulent purposes.
j. not submit or undertake any Transaction falling outside the scope of the Merchant’s business (as described to the Service Provider any time during the term of this Agreement), without Service Provider’s prior approval. The Service Provider upon its discretion may inspect the activities of the Merchant from time to time.
k. not submit any Transaction which has previously been declined by the Operator it entered a Processing Agreement with, unless such retry attempt is permitted by the Operator, and in any case, the Merchant must follow the instructions set by the respective Operator, as to how, when, in which frequency and maximum number of attempts, it should make, in the attempt to retry a Transaction.
l. ensure that Cardholder is informed of the identity of the Merchant in a prominent place at every stage of interaction with the Cardholder so as the Merchant to be easily distinguished from any other party.
m. not use the Services in any manner, or in furtherance of any activity that may cause the Gateway to be subject to investigation, prosecution, or legal action
n. inform the Cardholder of all Merchant's responsibilities related to the Transaction, including delivery of goods (whether physical or digital) or the provision of services subject to the Transaction, customer services and dispute resolution and more particularly all of these in accordance with the terms and conditions applicable to the Transaction.
o. not provide in any manner any misleading information or an impression that the supplier of goods/services is the Operator, the PM and/or Service Provider.
p. Not, in any manner, require the Cardholder to waive his/her own right to dispute a Transaction.
q. be solely responsible for all customer service issues relating to the Merchant’s goods and services, including, inter alia, pricing, quality, fulfilment of the Merchant’s obligations, cancellation order, returns, refunds, adjustments, warranty and customer support; the Service Provider shall not be responsible for and shall participate in any customer complaint resolution process.
r. without prejudice to the restricted activities which are specified by the Service Provider and/or the Operator separately, refrain from offering any goods or services which are illegal or unethical, as deemed by Service Provider or Operator, and/or is not compatible with the Service Providers’ and/or Operator’s requirements, including, but not limited to the following:
i.illegal activities, products and services;
ii.sale of drugs, alcohol and tobacco products;
iii.Any service providing peripheral support of illegal activities (i.e. drugs);adult related to bestiality, child pornography, necrophilia, rape and other sexually oriented material;
iv.online pharmacies, pharmaceutical products and prescription drugs;
v.18+ goods/services/content without mandatory acceptance of 18+ statement by the Cardholder before providing access to such 18+ goods/services/content;
vi.facilitation of gambling in jurisdictions where it is illegal;
viii.sale of counterfeit merchandise;
ix.sale of goods, digital downloads or other services in violation of intellectual property rights; sale of illegal electronic devices (such as modification chips and jammers);
x.multilevel marketing schemes (pyramid, “get rich quick” or ponzi schemes)
xi.weapons, firearms, munitions of any sort;
xii.collection of donations, charities and fundraising networks;
xiii.promotion of violence, terrorism, ethnic strife, extremisms;
xiv.Long-term investment and insurance companies;
xv.anything that relates to corruption and bribery;
xvii.provision of services, goods and content without a license where such license is required;any customer that has been subject of a criminal investigation or is in a sanctions database;
xviii.any customer that is currently in business bankruptcy or has been the subject of bankruptcy or receivership proceeding in the last 3 years.
s. ensure that the Transaction is related only to the payment for the goods and/or services it provides in accordance with the terms of this Agreement and no request to the contrary shall be authorised.
t. deliver its goods and services to its Cardholders without undue delay.
u. ensure that no funds are received in connection with any illegal, fraudulent, deceptive or manipulative act or practise and that it is not sending or receiving funds to or from an illegal source.
v. provide with evidence to the Service Provider and/or the Operator, if so requested by the Service Provider and/or the Operator, of the sales records in any form, showing a proper ordering, sale and delivery of products and services. A system of storage and maintenance of copies of sales and proofs of delivery shall be established by the Merchant, in such a manner so as, to forward the said information within 24 hours of request. The Merchant understands that it is essential to provide sales records, which duly evidences a particular transaction, sale, delivery and associated events and actions, immediately and within a required time frame as communicated to the Merchant in a particular case in order to meet deadlines and other requirements applicable to a particular case solving. The Merchant understands that failure to respond to such a retrieval request constitutes a violation of this Agreement. The Merchant must and does hereby agree to preserve all records pertaining to the Sales Records for at least 5 (five) years.
w. ensure that no content on its website (i.e including a reference to the Merchant’s mobile application) violates any applicable laws and/or is not compatible with the Operators’ requirements and/or has been prohibited by Service Provider or the Operator according to its equitable discretion. The Merchant shall have full liability and responsibility for the content and accuracy of its website.
x. ensure that its website shall include any information and/or contents which are required by any applicable laws and/or as may be required from time to time with the Card Schemes and/or the PCI DSS and/or the Operator and/or the Service Provider, including but not limited to, the following information which should be updated at all times and be easily accessible and with understandable manner, in accordance with all the above mentioned requirements:
i.legal information of the Merchant (i.e. company name, registered address, registration number).
ii.principal place of business and any other location it operates (i.e. street address, city, state/province and postal code) on the same webpage as the checkout page used to present the final Transaction amount and within the sequence of webpages, the Cardholder accesses during the checkout process. A link to a separate web page operated by the Service Provider, does not meet this requirement.
iii.contact information of customer service (i.e. telephone number, email address)
iv.requesting Cardholder’s correspondence address during checkout.
v.the Operators word/picture marks to indicate which PM are accepted on the Merchant’s website.
vi.the logos of the Card Schemes accepted in the way they are indicated by the Card Schemes and any other information required by the Card Schemes;
vii.complete and clear description of products and services offered;
viii.terms and conditions.
xi.delivery policy describing how clients will receive the service and / or products
xii.PM description or a deposit and withdrawal policy
xv.all charges to be paid when making a purchase/order, including delivery, packaging, taxes and other charges;
xvi.applicable export or legal restrictions, warnings (if any);
2. It is to be acknowledged and agreed that the Service Provider shall not be responsible for any costs incurred by the Merchant for its compliance with this clause and/or any other clauses of this Agreement.
5. MERCHANT ACCOUNT - API
1. The Merchant will be provided with the API with various integration types by the Service Provider as regards to the purposes and performance of the Agreement, some of which types requires the Merchant to be PCI DSS compliant. In the latter case, the Merchant shall:
a. provide to the Service Provider a valid AoC
b. be compliant with PCI DSS requirements, applicable from time to time
c. renew their certification of PCI DSS annually and submit the newly issued AoC
2. The Merchant shall comply with all the user guides and any other instructions of the Service Provider in connection with the integration and use of APIs.
3. The API shall be used and maintained by the Merchant with the strict compliance of Service Provider’s requirements as communicated from time to time and all requirements of it shall be observed and be abide by the Merchant.
4. The method of communication and technology disclosed by Service Provider from time to time and more particularly defined in the API specifications and manuals, as well as in accordance with Service Provider’s requirements as communicated from time to time shall be the one exclusively used in the whole process of all transactions (including, but not limited to the content of the data to be delivered, data format, etc.)
5. The prerequisites for connecting the Merchant to and for communicating with Service Provider’s designated systems are undertaken to be created and maintained by the Merchant during the term of the Agreement and in accordance with the specification and technical requirements provided by Service Provider. All alterations and modifications of which the Service Provider notifies the Merchant reasonably before they take effect, are undertaken to be duly implemented by the Merchant in a timely manner, but no longer than (i) three (3) months for API and technical documentation updates; and (ii) one (1) month for any other alterations and/or modifications. Fulfilment of such requirements by the Merchant is a prerequisite for Service Provider to be able to properly render services which is fully acknowledged by the Merchant.
6. The Merchant in under a responsibility to deliver the transaction details to the Service Provider. The Merchant is also obligated to ensure that the Transaction details delivered by it are correct and complete and are in a format that is readable and can be further processed. The Service Provider is not liable for any loss of transaction details or for other malfunctions and damage to the extent they are due to the failure of the Merchant or it caused by a third party or due to a Force Majeure Event. The Service Provider shall not be held liable in cases where data is lost following delivery by the Merchant and upon delivery to the Service Provider due to the fact that no proper backup was made by the Merchant on the Merchant’s own systems prior to transmission. This is on the understanding that such a backup is permitted under the provisions of the Agreement, the applicable statutory provisions and the requirements of the Operator.
7. An access to any online portal to be used by the Merchant, such as but not limited to dashboard system and/or any administration portal, provided by either the Service Provider or the Operator (the “Online Portal”) is limited in terms of duration of this Agreement. Such access must be kept secured and all reasonable actions must be taken by the Merchant. No disclosure of passwords to third parties by the Merchant and suitable measures must be taken to prevent employees of the Merchant or other persons who act on behalf of the Merchant from doing so. In addition, the Merchant undertakes not to store or record any passwords in writing. In cases where an unauthorized use of password or unauthorized third parties have discovered the passwords or any suspicion on that thereof, the Merchant is under a duty to promptly notify Service Provider and have the passwords concerned blocked or deactivated.
8. Provided that significant reasons are found within usual practice, reasonability and necessity basis, the availability of the API and the Online Portal may be temporarily restricted at the Service Provider’s rightful discretion. Such significant reasons include, inter alia, but without limitation, necessary maintenance work, necessary adaptations, changes required by the Operator and/or the Service Provider, changes and additions to the underlying software applications, measures to locate and rectify malfunctions and to ensure the integrity of the system as well as restrictions due to specific risks of unauthorized use. Such interruptions and interference with the usability of the API and the Online Portal shall be deemed to be in conformity with the Agreement. Service Provider shall notify the Merchant on major systems changes.
9. The Service Provider shall not be held liable for any faults due to telecommunication or internet connection or for any failure or disruption in the technical infrastructure outside Service Provider’s sphere of responsibility and in more specific, for the proper functioning of the technical transmission procedure, devices, routes and other technical equipment, which the Merchant uses to connect and exchange data under the Agreement.
10. The Service Provider shall provide support to the Merchant during all standard office hours at designated phone numbers and e-mails which are communicated to the Merchant. The Service Provider may at its own discretion make available of a NOC department with the availability of 24/7. However, it is noted that such NOC department is made available for urgent service disruption matters only while the business-as-usual support service is made available according to the standard office hours. Remote maintenance of all faults arising during proper use of technological infrastructure provided under the Agreement within the rectification process shall be covered by the technical support service. The Service Provider shall, in no case, send any technical staff on site. Service Provider’s instruction and advice with the purpose of analysing any issues arising and consequently determining the fault shall be complied by the Merchant under an explicit obligation in which case, he shall be available to the necessary extent and at the necessary times for rectifying the faults. Any settlements and other enquiries shall be sent by the Merchant to its dedicated relationship manager.
6. VALIDITY PERIOD AND TERMINATION
1. This Agreement shall commence on the Commencement Date and shall continue, in full force and effect, for the period of two years from the Commencement Date and shall be renewed automatically for two-year periods (each such two-year period referred to as the “Term Period”), unless any of the Parties gives written notice to the other Party for not renewal at least 90 (ninety) days prior to the end of the Term Period and unless terminated earlier in accordance with this clause 6. For avoidance of any doubt, the Term Period shall be defined as each two-year period, irrespective if the Agreement is terminated before in accordance with this clause 6.
2. Without affecting any other right or remedy available to it, either Party may terminate the Agreement with or without cause by providing to the other Party at any time at least 90 (ninety) days written notice of its intention to terminate.
3. Without affecting any other right or remedy available to it, the Merchant may immediately terminate this Agreement without any prior notice in any of the following cases:
a. The Service Provider shall fail to comply to a material extent with any of its obligations hereunder and fails to proceed with a remedy within 15 (fifteen) Business Days from such failure.
b. The Service Provider shall cease to carry on business or shall enter into liquidation, voluntary or compulsory (other than for purposes of amalgamation or reconstruction) or enters into arrangements or compounds with its creditors or has a receiver or liquidator appointed over all or any of its assets or becomes unable to pay its debts as they fall due.
4. Without affecting any other right or remedy available to it, the Service Provider may immediately terminate this Agreement without any prior notice in any of the following cases:
a. The Merchant shall enter into liquidation, voluntary or compulsory (other than for purposes of amalgamation or reconstruction) or enters into arrangements or compounds with its creditors or has a receiver or liquidator appointed over all or any of its assets or becomes unable to pay its debts as they fall due.
b. There is a Change of Control.
c. The Processing Agreement signed between the Merchant and the respective Operator has been terminated for any reason by either the Merchant or the Operator, provided that any such termination by the Merchant was made without the instructions of the Service Provider in this respect.
d. Any of the Card Schemes determines that the Merchant is in material breach of its rules, and as a result, requests or requires that the Merchant terminates this Agreement.
e. Any harm or loss to the goodwill or reputational damage is suffered by the Service Provider and/or the provider of the respective PM and/or Operator, caused directly or indirectly by the Merchant;
f. The Service Provider becomes aware (either by the Merchant or otherwise) that the actual business conducted by the Merchant differs from the business declared at the Commencement Date of this Agreement;
g. An endangerment of the safety and/or soundness of the Service Provider and/or Operator may be caused by the business conducted by the Merchant;
h. The Service Provider becomes aware (either by the Merchant or otherwise) that the Merchant is relocating or expanding its activities to a new location, other than the one declared at the Commencement Date of this Agreement;
i. The Service Provider determines that, the Merchant fails to comply at any time during the term of this Agreement with any of its obligations and/or responsibilities under this Agreement, including, inter alia, all the obligations described in clauses 4, 5 and 8, which shall be followed at all times during the term of the Agreement by the Merchant.
j. The Service Provider determines that the representations and warranties of the Merchant in this Agreement are not true, correct and/or valid.
5. Any non-exercise of a right of termination of either Party in accordance with clauses 6.3 and 6.4 shall not be treated as waiver by such Party of such right and shall not prevent said to exercise such right in future.
6. Upon termination of this Agreement:
a. the Merchant shall immediately pay to the Service Provider all amounts owed by the Merchant under the Agreement, if applicable;
b. the Service Provider shall have the right, in addition to the other rights and remedies under this Agreement and at law, to proceed with a set off with any amounts held by it or the respective Operator on behalf of the Merchant against any amounts owed by the Merchant to the Service Provider;
c. the Merchant's rights to use the Services shall immediately cease;
d. All documents and information made available for the provision of Services under the Agreement from the Merchant’s data bases, facilities, records, etc., shall be deleted by the Merchant; and
e. Any references to the Service Provider, the PMs and Operators and the use of their trademarks on the Merchant’s website shall be deleted by the Merchant unless otherwise agreed in writing by the Parties.
7. All rights and obligations of the parties existing hereunder at the time of termination or suspension of the agreement shall survive termination/suspension including indemnification, warranty, covenants, liability, confidentiality and protection of proprietary and intellectual rights and trade secrets and any provisions which expressly, or by their nature are required to survive such termination/suspension in order to achieve their purpose, shall so survive until it shall no longer be necessary for them to be in force in order to achieve their purpose.
7. INDEMNITY, LIMITATION OF LIABILITY AND DISCLAIMER
1. THE SERVICES PROVIDED UNDER THE AGREEMENT ARE “AS IS” ON AN “AS AVAILABLE” BASIS AND ALL REPRESENTATIONS AND WARRANTIES, EXPRESS OR IMPLIED, MADE TO THE MERCHANT OR ANY OTHER PERSON, INCLUDING WITHOUT LIMITATION, ANY WARRANTIES REGARDING QUALITY, SUITABILITY, MERCHANTABILITY, FITNESS FOR A SPECIFIC PURPOSE OR OTHERWISE OF ANY SERVICE PROVIDED UNDER THE AGREEMENT ARE DULY DISCLAIMED BY THE SERVICE PROVIDER. IN ADDITION, NO REPRESENTATION OR WARRANTY IS HEREBY GIVEN BY THE SERVICE PROVIDER THAT THEIR SERVICES WILL ALWAYS BE AVAILABLE, ACCESSIBLE, UNINTERRUPTED, TIMELY, COMPLETELY SECURE, ACCURATE, COMPLETE, OR ENTIRELY ERROR-FREE. THE LIMITATIONS SET FORTH ABOVE SHALL BE ENFORCEABLE TO THE MAXIMUM EXTENT ALLOWED BY APPLICABLE LAW.
2. NO LIABILITY SHALL BE HELD BY THE SERVICE PROVIDER, AND ANY OF ITS REPRESENTATIVES, UNDER ANY THEORY OF TORT CONTRACT, STRICT LIABILITY OR OTHER LEGAL THEORY OR UNDER ANY CAUSE OF ACTION OR THEORY OF LIABILITY (INCLUDING NEGLIGENCE), FOR LOST PROFITS, LOST REVENUES, LOST BUSINESS OPPORTUNITIES, COSTS OF PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES, EXEMPLARY, PUNITIVE, SPECIAL, INCIDENTAL, INDIRECT OR CONSEQUENTIAL DAMAGES, EACH OF WHICH IS HEREBY EXCLUDED BY THE AGREEMENT, REGARDLESS OF WHETHER SUCH DAMAGES WERE FORESEEABLE OR WHETHER ANY PARTY OR ANY ENTITY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES OR REGARDLESS OF ANYTHING IN THE AGREEMENT TO THE CONTRARY.
3. THE SERVICE PROVIDER EXPRESSLY DISCLAIMS ANY LIABILITY OR LOSS, HOWEVER OCCURRING INCLUDING NEGLIGENCE, WHICH ARISES FROM OR RELATED TO ANY UNAUTHORIZED ACCESS TO THE MERCHANT’S FACILITIES OR TO THE MERCHANT’S DATA OR PROGRAMS DUE TO ACCIDENT, ILLEGAL OR FRAUDULENT MEANS OR DEVICES USED BY ANY THIRD PARTY, OR OTHER CAUSES BEYOND SERVICE PROVIDER’S REASONABLE CONTROL.
4. THE SERVICE PROVIDER EXPRESSLY DISCLAIMS ANY LIABILITY OR LOSS, HOWEVER OCCURRING INCLUDING NEGLIGENCE, ARISING FROM OR RELATED TO:
a. THE MERCHANT’S FAILURE TO PROPERLY ACTIVATE, INTEGRATE OR SECURE ITS ACCOUNT(S) IN THE GATEWAY;
b. FRAUDULENT TRANSACTIONS PROCESSED THROUGH THE MERCHANT’S ACCOUNT(S) IN THE GATEWAY;
c. DISRUPTION OF THE SERVICES, THE GATEWAY, SYSTEMS, SERVER OR WEBSITE BY ANY MEANS, INCLUDING WITHOUT LIMITATION, DDOS ATTACKS, SOFTWARE VIRUSES, TROJAN HORSES, WORMS, TIME BOMBS, OR ANY OTHER TECHNOLOGY;
d. ACTIONS OR INACTIONS BY ANY THIRD PARTY;OR
e. UNAUTHORIZED ACCESS TO DATA, CARDHOLDER DATA INCLUDING BUT NOT LIMITED TO, CREDIT CARD NUMBERS AND OTHER PERSONALLY IDENTIFIABLE INFORMATION, TRANSACTION DATA OR PERSONAL INFORMATION BELONGING TO THE SERVICE PROVIDER, THE MERCHANT OR ANY THIRD PARTY.
5. THE SERVICE PROVIDER EXPRESSLY DISCLAIMS ANY LIABILITY OR LOSS FOR THE LEGITIMACY OF ORDERS FORWARDED FROM THE MERCHANT AND FOR ANY AND ALL CLAIMS OF LOSS AND/OR FRAUD INCURRED RESULTING FROM CONCLUSIONS DRAWN FROM THE DATA PROVIDED BY ANY SERVICES PROVIDED BY THE SERVICE PROVIDER, OR ANY SYSTEM OR PROGRAM ASSOCIATED THEREWITH OR THE LIMITATION OF THE FUNCTIONING OF ANY GATEWAY SERVICES OR SOFTWARE, HARDWARE, OR EQUIPMENT ASSOCIATED THEREWITH.
6. IN NO EVENT SHALL THE SERVICE PROVIDER BE HELD LIABLE BY THE MERCHANT AND OR ANY THIRD PARTY FOR OR IN RELATION TO ANY DECISION, ACTION, OMISSION OF THE OPERATOR AND/OR ANY REGULATORY OR GOVERNMENTAL AUTHORITY AND/OR ANY SETTLMENT BANK AND/OR ANY CREDIT INSTITUTION WHERE THE FUNDS HELD WITH SUCH ENTITIES BECOME UNAVAILABLE FOR ANY REASON, INCLUDING, INTER ALIA, INSOLVENCY OF SUCH THIRD PARTIES OR OTHERWISE. SUCH LIABILITY ONLY LIES WITH THE MERCHANT.
7. IN NO EVENT WILL THE SERVICE PROVIDER’S LIABILITY ARISING OUT OF THIS AGREEMENT EXCEED THE FEES PAID TO THE SERVICE PROVIDER BY THE MERCHANT HEREUNDER DURING THE 12 MONTH PERIOD IMMEDIATELY PRECEDING THE EVENT THAT GAVE RISE TO THE CLAIM FOR DAMAGES.
8. The Merchant shall indemnify, defend, protect and hold the Service Provider harmless from and against any losses arising from or in connection with:
a. Any breach or alleged breach by the Merchant of any representation, warranty or obligation of the Merchant set forth in this Agreement.
b. Any third party claims directly or indirectly (through the respective Operator) to the Service Provider in relation to the Merchant Reserve Account.
c. Any penalties imposed by the Operator to the Service Provider resulting from the non-compliance of the Merchant with the terms of the Processing Agreement and/or any of its obligations under this Agreement, including but not limited to any misrepresentation by the Merchant, or any Merchant’s negligence, misconduct or omission.
d. Any damage or loss caused by negligence, fraud, dishonestly or wrongful misconduct by the Merchant.
e. Transactions submitted by the Merchant and rejected by the Gateway or the Card Schemes or the issuing bank
f. any alleged infringement of intellectual property of any third party resulting from the negligence, misconduct, fraud, dishonesty or misrepresentation or any act or omission of the Merchant
g. Any penalties imposed by the Operator due to any conduct, action or omission attributable to the Operator irrespective of whether the penalty is justified in the relation between the Operator and Service Provider. An indemnification towards the Service Provider shall also apply in cases where the Merchant had no opportunity of raising objections or defences prior to payment. The Service Provider will also be reimbursed as per Merchant’s additional obligation as regards to its expenses, losses and brand damaging, which it incurs in connection or otherwise with the penalty imposed by the Operator. An additional penalty of 100% from the total a sum of the penalty imposed by the Operator, is entitled to be charged by the Service Provider to the Merchant in all cases where the Operator imposes a penalty to the Service Provider.
h. Improper fulfilment of the Merchant’s obligations assumed under the Agreement, without limitation or exclusion of liability in respect of fraud.
i. Any decision, action, omission of the Operator and/or any regulatory or governmental authority and/or any settlement bank or credit institution where the funds held with such entities become unavailable for any reason, including, inter alia, insolvency of such third parties or otherwise.
9. The Merchant is required to submit any claim arising out of or in the connection of the Agreement strictly within 1(one) month after the Transaction or in a case not related to the Transaction, strictly within 1(one) month after an event. Any later assertion is precluded.
10. In cases where a claim, investigation or risk regarding the PM and/or there is a breach or violation or grounds to suspect a breach or violation of the rules and requirements of the Operator and/or the Agreement by the Merchant and/or the Merchant is engaged in illegal, fraudulent or suspicious activity and/or there is a risk that any blocked balances (if any) due to the Merchant may not be sufficient to cover obligations of the Merchant and is proven that these are due to a fault, action, conduct or omission attributable to the Merchant then, in order to protect Service Provider’s interests and rights and ensure a recovery of the Merchant’s obligations and liabilities, payments to the Merchant in an amount necessary to ensure coverage of the Merchant’s obligations and liabilities can be suspended or limited until a claim/risk/investigation which give a reason for a hold and/or its extension, is resolved.
11. Suspension or limitation to the provision of the Services under the Agreement may occur in cases where the Merchant fails to properly fulfil its obligations under the Agreement.
12. None of the limitations and exclusions of liability set out in this Agreement are intended to limit or exclude: (i) the liability of a Party for willful misconduct; or (ii) the liability of the Merchant under the indemnities given by the Merchant in this Agreement.
8. DUE DILIGENCE
1. The Merchant agrees to provide, within the timeframe(s) imposed by the Service Provider, all necessary identification and due diligence information and documents in respect to the Merchant, its officers, directors, representatives, key employees, shareholders, Beneficial Owners and business to the satisfaction of Service Provider for the purposes of performing the due diligence process. A specific format and time may be requested by the Service Provider as regards to the submission of supporting documents by the Merchant.
2. The Merchant is obliged to provide information and supporting documents which includes, but not limited to the following: business description and model; goods and services the Merchant sells, provides, leases, or distributes; partners and clients; applicable licences; corporate structure and governance; risk management; AML/CTF compliance; PCI DSS compliance, credit reports; source of wealth, financial statements; tax declarations identification documents, volumes and processing activity (if applicable) and any other documentation requested by the Service Provider and Merchant is obliged to provide information and supporting documents on every change in previously submitted information and documents, including, but not limited to significant material changes to the Merchant financial condition and business immediately when such changes took effect or, where applicable, when such changes are anticipated.
3. Certain instances must be communicated to the Service Provider at an immediate notice when an intention to:
a. Change the nature of its business, including selling any products or services not related to its current business;
b. Change ownership or transfer control of its business;
c. Change directorship;
d. Change authorised representative(s);
e. Change physical address;
f. Change a domain name;
g. Change the countries of origin and destination of funds;Significant change of a daily/weekly/monthly turnover;
h. Sell or close the business. The Service Provider must be immediately notified by the Merchant of any bankruptcy, insolvency or similar action initiated in respect of the Merchant or any of its principals. The Service Provider must be notified by the Merchant if the Merchant is threatened with or becomes party to any action, suit or proceeding at law that could substantially impair its right to carry on its business or adversely affect its financial condition or operations.
9. REPRESENTATIONS AND WARRANTIES OF THE PARTIES
1. Each Party represents and warrants that:
a. it has full power and authority to enter into and perform this Agreement; and
b. its execution and performance of this Agreement does not violate, conflict with, or result in a material default under any other contract or agreement to which it is a party, or by which it is bound.
c. It shall at all times comply with applicable PCI DSS as such may be amended from time to time with respect to all Card Data it receives in the course of this Agreement.
2. The Merchant represents and warrants that, on the date of entering into this Agreement and throughout the term of this Agreement:
a. There is no substantial impairment of any of Merchant’s rights to carry on its business as now conducted or adversely affect its financial condition or operations deriving from any action, suit or proceeding at law now pending or to the Merchant's knowledge which is threatened, by or against or affecting him.
b. The Merchant’s business is identified by the Merchant and approved under the Agreement is in line with the goods and services sold by it.
c. The Merchant does not perform any sale under a different trade name and/or business affiliation other than indicated in this Agreement and/or disclosed to the Service Provider throughout the term of the Agreement.
d. any submission of information contained in any application, questionnaire and any other document submitted to the Service Provider, based on its or the Operator’s request, is true and binding upon the Merchant and the Service Provider may rely on all such information and documents.
10. RELATION BETWEEN THE OPERATOR AND SERVICE PROVIDER
In order to provide services to the Merchant pursuant to this Agreement as well as the Processing Agreement, the Service Provider collaborates with the respective Operator the Merchant signed a Processing Agreement with. For avoidance of any doubt, the Merchant is not a party to any arrangements between the said Operator and Service Provider; the relations and arrangements between Operators and Service Provider are exclusively between them and the Merchant has no rights to enforce or otherwise impact or benefit from such relations and arrangements.
The Parties mutually agree that all Confidential Information is confidential and each Party undertakes to the other Party:
a. to keep the Confidential Information secret and confidential;
b. to use and exploit all Confidential Information only to the extent required for the purposes of this Agreement;
c. to disclose Confidential Information only to its officers and employees on a need-to-know basis, provided they are bound by confidentiality restrictions no less protective than those set forth in this Agreement;
d. not to copy, reproduce, summarize Confidential Information in any form except as required to accomplish the purposes of this Agreement and only as provided hereunder and any such copies, reproduction and/or summary will be considered also as Confidential Information which belong to the other Party;
e. not to make any announcement and/or disclosure in connection with this Agreement and not to instruct any other person to do so without the prior written consent of the other Party;
f. to establish and maintain adequate security measures to ensure proper and secure storage and transmission of all Confidential Information;
g. that it shall promptly advise the other Party in writing if it learns of any unauthorised use or disclosure of Confidential Information by any current or former officer and/or employee;
h. that it shall be liable for the actions or omissions of its officers and/or employees in relation to the Confidential Information as if they are actions or omissions of the said Party.
2. Confidential Information means any and all information disclosed and/or made directly and/or indirectly available by each Party or its Representatives or any other person providing such information on behalf of the said Party and/or its Group (for the purposes of this clause 11 the “Disclosing Party”), to the other Party or its Representatives on a need-to-know basis or any other person to whom both parties agree in writing that Confidential Information may be disclosed in connection with the purpose of this Agreement (for the purposes of this clause 11 the “Receiving Party”), whether electronically, orally or in writing, before, on or after the date of this Agreement, including without limitation the existence and contents of this Agreement, present and future business, strategic, financial, technical and commercial information, fraud, general business performance, business concepts, marketing and customer information, financial forecasts and projections, technical data, schematics, analyses, ideas, methods, trade secrets, processes, experience, know-how, computer programs and computer code, products, services, technical documents, pricing methods, prototypes, designs and design methodology, evaluation methodology, sales information, business plans, specifications, techniques and drawings, any information, findings, data or analysis derived from the Confidential Information, information acquired during any facilities tours any other information which is designated as confidential or is identified by the Disclosing Party as of confidential or proprietary nature before, during or promptly after the presentation or communication, or that, given the nature of the information or the circumstances surrounding its disclosure, reasonably should be considered as confidential, but excludes any information referred to in clause 11.3.
11.3 Information is not Confidential Information if:
a. at the time of its disclosure, or thereafter, is or becomes generally available to the public other than through any fault of the Receiving Party and/or any breach of this Agreement in general, except that any compilation of otherwise public information in a form not publicly known shall nevertheless be treated as Confidential Information;
b. the Parties agree in writing that the information is not confidential;
c. was known to the Receiving Party prior to receiving any Confidential Information from the Disclosing Party and it was not under any obligation of confidence in respect of that information; or
d. the Receiving Party can establish to the reasonable satisfaction of the Disclosing Party that it received and/or otherwise acquired the Confidential Information from a third party, not connected with the Disclosing Party, without such third party being under any restriction on disclosure and without breach of a non-disclosure obligation by such third party.
11.4 The Receiving Party, may disclose the Confidential Information if and to the extend required by:
a. a written judicial or other governmental order;
b. an investigation by any competent judicial, governmental or regulatory body;
c. the laws or regulations of any country with jurisdiction over its affairs.
11.5. Before the Receiving Party discloses any Confidential Information in accordance with clause 11.4, it shall provide the Disclosing Party with prompt written notice of such required disclosures (to the extent permitted by law) and will cooperate with the Disclosing Party to minimise the extent of any such disclosure. The Receiving Party shall disclose the minimum amount of Confidential Information legally required and shall use its best efforts to obtain assurances that confidential treatment will be accorded to such Confidential Information and/or cooperating (to the extent permitted by law) with the Disclosing Party to obtain an appropriate protective order by a competent court in this respect. Any costs related with the procurement and/or obtaining of the mentioned protective order, shall be paid by the Disclosing Party.
11.6. If the Receiving Party is unable to inform the Disclosing Party before Confidential Information is disclosed pursuant to clause 11.5, it shall (to the extent permitted by law) inform the Disclosing Party of the full circumstances of the disclosure and the Confidential Information that has been disclosed as soon as reasonably practicable after such disclosure has been made.
12. STORAGE OF INFORMATION, RETENTION AND NON-DISCLOSURE
12.1 All provisions, requirements and best practises concerning their Cardholder information security issues, non-disclosure of the Cardholder and the PM information, retention and storage of information and data and other, security procedures adopted by the Merchant and the operators shall be fully complied by the Merchant. Except in cases for purposes of authorising, completing and settling the PM and resolving any disputes, retrieval requests or similar issues involving the PM, or pursuant to a court or governmental authority legitimate request, the Merchant must not use, disclose, sell or disseminate any Cardholder information. Where applicable, the Merchant shall do the following and act as per further instructions of the Service Provider and/or in accordance with any applicable legislation, regulations and standards in this respect, including but not limited to PCI DSS and/or any standards provided by the Card Schemes (as applicable):
a. A firewall configuration to protect data must be installed and maintained;
b. Vendor-supplied defaults for system passwords and other security parameters shall not be used;
c. Stored data shall be protected;
d. Transmission of sensitive information across public networks shall be encrypted
e. Anti-virus software shall be used and regularly updated;
f. Security patches shall be kept up to-date.
g. Security systems and applications shall be developed and maintained;
h. Restrict access to data by business need-to-know.
i. Each person with computer access shall be assigned with a unique ID;
j. Access to the Cardholder’s data shall be restricted.
k. All access to network resources and the Cardholder’s data shall be tracked and monitored.
l. Security systems and processes shall be regularly tested.
m. A policy that addresses information security shall be maintained.
12.2 The Merchant must retain legal control of proprietary information and use limited “need-to-know” access to information, assets, networks or data when outsourcing administration of such assets, networks, or data.
13. DATA PROTECTION
13.1 Both Parties will comply with all applicable requirements of the Data Protection Legislation. This clause 13 is in addition to, and does not relieve, remove or replace, a Party’s obligations or rights under the Data Protection Legislation.
13.2 The Parties acknowledge that for the purposes of the Data Protection Legislation, the Merchant is the Controller and the Service Provider is the Processor. The scope, nature and purpose of processing by the Service Provider, the duration of processing and the types of Personal Data and categories of Data Subject are set out in the Service Provider’s website at https://pay.com/legal/privacy-policy, as may be updated by the Service Provider from time to time, without further notice to the Merchant.
13.3 Notwithstanding clause 13.2 above, the Parties acknowledge that the Service Provider shall be a joint controller for the purposes of the Data Protection Legislation in relation to all Personal Data to be collected and/or processed by the Service Provider for which is has an obligation to retain in its records pursuant to any applicable law or regulation in any relevant jurisdiction.
13.4 Without prejudice to the generality of clause 13.1 above, the Merchant will ensure that it has all necessary appropriate consents and notices in place to enable lawful transfer of the Personal Data to the Service Provider and/or lawful collection of the Personal Data by the Service Provider on behalf of the Merchant for the duration and purposes of this Agreement.
13.5 Without prejudice to the generality of clause 13.1, the Service Provider shall, in relation to any Personal Data processed in connection with the performance by the Service Provider of its obligations under this Agreement:
a. process the Personal Data to the extent, and in the manner, as is necessary as per clause 13.2 above. The Service Provider will not process any other Personal Data for any other purpose or in a way that does not comply with this Agreement or the Data Protection Legislation. If the Data Protection Legislation requires the processing Personal Data, the Service Provider shall promptly notify the Merchant of this before performing the processing required by the Data Protection Legislation unless such Data Protection Legislation prohibits the Service Provider from so notifying the Merchant;
b. ensure that it has in place appropriate technical and organisational measures, reviewed and approved by the Merchant, to protect against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data, appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures (those measures may include, where appropriate, pseudonymising and encrypting Personal Data, ensuring confidentiality, integrity, availability and resilience of its systems and services, ensuring that availability of and access to Personal Data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the technical and organisational measures adopted by it);
c. ensure that all personnel who have access to and/or process Personal Data are obliged to maintain confidentiality of the Personal Data and will not disclose the Personal Data to third parties unless the Merchant or this Agreement specifically authorises the disclosure; and
d. not transfer any Personal Data outside of the European Economic Area unless the prior written consent of the Merchant has been obtained and the following conditions are fulfilled:
i. the Merchant or the Service Provider has provided appropriate safeguards in relation to the transfer;
ii.the data subject has enforceable rights and effective legal remedies;
iii.the Service Provider complies with its obligations under the Data Protection Legislation by providing an adequate level of protection to any Personal Data that is transferred; and
iv.the Service Provider complies with reasonable instructions notified to it in advance by the Merchant with respect to the processing of the Personal Data.
e. (assist the Merchant, at the Merchant’s cost, in responding to any request from a Data Subject and in ensuring compliance with its obligations under the Data Protection Legislation with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators;
f. notify the Merchant without undue delay on becoming aware of a Personal Data Breach;
g. at the written direction of the Merchant, delete or return Personal Data and copies thereof to the Merchant on termination of the agreement unless required by Applicable Law to store the Personal Data; and
h. maintain complete and accurate records and information to demonstrate its compliance with this clause 13 and allow for audits by the Merchant’s designated auditor and immediately inform the Merchant if, in the opinion of the Service Provider, an instruction infringes the Data Protection Legislation.
13.6 The Merchant consents to the Service Provider appointing the Operator with whom the Merchant will enter into a Processing Agreement, as a third-party processor of Personal Data under this agreement. The Service Provider confirms that it has entered or (as the case may be) will enter with the third-party processor into a written agreement incorporating terms which are substantially similar to those set out in this clause 13, and in either case which the Service Provider confirms and undertakes that they reflect and will continue to reflect the requirements of the Data Protection Legislation. As between the Merchant and the Service Provider, the Service Provider shall remain fully liable for all acts or omissions of any third-party processor appointed by it pursuant to this clause 13.5.
14. PROPRIETARY AND INTELLECTUAL RIGHTS.
14.1 The Service Provider grants to the Merchant the right to use, reproduce, publish, perform and display the trademarks of the Service provider as follows:
a. In the website of the Merchant, indicating clearly that it reflects the Gateway;
b. In promotional and marketing materials and electronic and printed advertising, publicity, press releases, newsletters and mailings in connection to the Services.
14.2 Subject to the terms and conditions contained herein, the Merchant hereby grants the Service Provider, any of its Group companies and the applicable Operator, a non-exclusive, royalty-free, fully-paid up right to use, reproduce, publish, perform and display the Merchant’s trademarks as follows:
a. Anywhere required in order to facilitate the performance of the Services by the Service Provider.
b. In promotional and marketing materials and electronic and printed advertising, publicity, press releases, newsletters and mailings in connection to the Services.
14.3 Each Party shall strictly comply with all standards with respect to the other Party’s trademarks contained herein or which may be furnished by such party from time to time. Further, neither Party shall create a combination mark consisting of one or more trademarks of the other Party. All uses of the other Party’s trademarks shall inure to the benefit of the Party owning such trademark.
14.4 Each Party shall indicate in writing to the other Party from time to time which trademarks shall be usable by the other Party for the purposes of this Agreement.
14.5 Except as otherwise provided herein, the neither Party shall use, register or attempt to register any:
a. trademarks of the other Party; or
b. trademarks or domain names that are confusingly similar to any of the trademarks or domain(s) of the other Party.
14.6 Each Party shall not:
a. take any actions inconsistent with the other Party’s ownership of such Party’s trademarks and any associated registrations;
b. attack the validity of the trademarks of the other Party, their ownership thereof, or any of the terms of this Agreement; or
c. use the trademarks of the other Party in any manner that would indicate the first Party is using such trademarks of the other Party other than as a licensee in accordance with the terms of this Agreement.
14.7 The Service Provider retains all their respective rights, title and interests in and to the API, systems, brand name, technologies, software, infrastructure and process utilized by the Merchant under or in connection with this Agreement, including but not limited to all associated intellectual property rights. No title to or ownership of any of the foregoing is granted to the Merchant or any third party. The Merchant will not reverse engineer, disassemble, decompile or otherwise attempt to discover the source code or trade and technological secrets of the services, software and technology of the Service Provider. The Merchant understands and agrees that it shall have no right to use the proprietary name and/or symbol of the Service Provider and the Operators, except as provided herein and/or the Processing Agreement (as applicable) and/or as otherwise being permitted to do so by relevant party in writing, and only while this Agreement is in effect, or until the Merchant is notified to cease usage, wherever comes first.
15. FORCE MAJEURE
15.1 Provided it has complied with clause 15.3, if a Party is prevented, hindered or delayed in or from performing any of its obligations under this Agreement by a Force Majeure Event (the “Affected Party”), the Affected Party shall not be in breach of this Agreement or otherwise liable for any such failure or delay in the performance of such obligations. The time for performance of such obligations shall be extended accordingly.
15.2 The Affected Party shall:
a. as soon as reasonably practicable after the start of the Force Majeure Event notify the other Party of the Force Majeure Event, the date on which it started, its likely or potential duration, and the effect of the Force Majeure Event on its ability to perform any of its obligations under this Agreement; and
b. use all reasonable endeavours to mitigate the effect of the Force Majeure Event on the performance of its obligations.
15.3 If the Force Majeure Event prevents, hinders or delays the Affected Party's performance of its obligations for a continuous period of more than four (4) weeks, the Party not affected by the Force Majeure Event may terminate this Agreement by giving two (2) weeks' written notice to the Affected Party.
A notification of at least 30 (thirty) days prior to any changes made from time to time (including supplement and amend) on the Agreement (including schedules, annexes, supplementary agreements, addendums, terms and conditions, fees and charges) shall be given by the Service Provider to the Merchant. Prior to any changes become effective and after notice is received by the Merchant, Merchant has the right to terminate the Agreement with immediate effect at any time. In case that the Merchant did not terminate the Agreement before changes took effect, this shall be considered that the Merchant has agreed and accepted changes to the agreement. However, in cases are set forth in the agreement and or due to external events, with direct impact on the respective provision of the agreement, such as changes in the requirements of the Operator and applicable laws, changes may take immediate effect. The Merchant and the Service Provider may agree on any changes to the agreement on a mutual written basis of the aforementioned, by way of derogation.
17. ASSIGNMENT AND OTHER DEALINGS
17.1 Except as provided in clause 17.2 neither party shall assign, transfer, mortgage, charge, subcontract, declare a trust over or deal in any other manner with any of its rights and obligations under this Agreement.
17.2 The Service Provider is entitled to assign all or any of its rights and duties under the agreement to any third party, subject to notification of ten (10) Business days prior to such assignment. An assignment shall be deemed to have been approved by the Merchant if the Merchant does not raise an objection within five (5) Business Days upon receipt of the said notice.
If any provision in this Agreement is deemed to be, or becomes invalid, legal, void or unenforceable under applicable laws, such provision will be deemed amended to conform to applicable laws so as to be valid enforceable or if it cannot be so amended without material altering the intention of the parties. It will be deleted, but the validity, legality and enforceability of the remaining provisions of the agreement shall not be impaired or affected in anyway.
No waiver of any terms, conditions, default or breach shall be effective unless granted in writing. The waiver by either party of any default or breach of the agreement shall not constitute a waiver of any other or subsequent default or breach.
20. INADEQUACY OF DAMAGES
Without prejudice to any other rights or remedies that the Company may have, the Service Provider acknowledges and agrees that damages alone would not be an adequate remedy for any breach of the terms of this Agreement by the Service Provider. Accordingly, the Company shall be entitled to the remedies of injunction, specific performance or other equitable relief for any threatened or actual breach of the terms of this Agreement.
21. ENTIRE AGREEMENT
21.1 This Agreement constitutes the entire agreement between the parties and supersedes and extinguishes all previous agreements, promises, assurances, warranties, representations and understandings between them, whether written or oral, relating to its subject matter.
21.2 Each party agrees that it shall have no remedies in respect of any statement, representation, assurance or warranty (whether made innocently or negligently) that is not set out in this Agreement. Each party agrees that it shall have no claim for innocent or negligent misrepresentation or negligent misstatement based on any statement in this Agreement.
No variation of this Agreement shall be effective unless it is in writing and signed by the parties.
No failure or delay by a party to exercise any right or remedy provided under this Agreement or by law shall constitute a waiver of that or any other right or remedy, nor shall it prevent or restrict the further exercise of that or any other right or remedy. No single or partial exercise of such right or remedy shall prevent or restrict the further exercise of that or any other right or remedy.
24.1 If any provision or part-provision of this Agreement is or becomes invalid, illegal or unenforceable, it shall be deemed deleted, but that shall not affect the validity and enforceability of the rest of this Agreement.
24.2 If any provision of part-provision of this Agreement is deemed deleted under 24.1, the parties shall negotiate in good faith to agree a replacement provision that, to the greatest extent possible, achieves the intended commercial result of the original provision.
25.1 This Agreement may be executed in any number of counterparts, each of which shall constitute a duplicate original, but all the counterparts shall together constitute the one agreement. Transmission of an executed counterpart of this Agreement (but for the avoidance of doubt not just a signature page) by email (in PDF, JPEG or other agreed format) shall take effect as the transmission of an executed "wet-ink" counterpart of this Agreement. If this method of transmission is adopted, without prejudice to the validity of the agreement thus made, each party shall on request provide the other with the "wet ink" hard copy original of its counterpart.
25.2 Notwithstanding the above, the Parties agree that this contract can be signed by them by electronic signature, in the form it will be acceptable by the Service Provider and that this method of signature is as conclusive of our intention to be bound by this Agreement as if signed by each Party’s manuscript signature.
26.1 Any notice or other communication given to a party under or in connection with this Agreement shall be in writing and shall be:
a. delivered by hand or by pre-paid first-class post or other next working day delivery service at its registered office (if a company) or its principal place of business (in any other case); or
b. sent by email to the address specified below:
Party 1: [email protected]
Party 2: …………………………………[SP1]
26.2 Any notice shall be deemed to have been received:
a. if delivered by hand, on signature of a delivery receipt;
b. if sent by pre-paid first-class post or other next working day delivery service, at 9.00 am on the second Business Day after posting or at the time recorded by the delivery service; and
c. if sent by email, at the time of transmission, or, if this time falls outside business hours in the place of receipt, when business hours resume. In this clause 26.2(c), business hours means 9.00am to 5.00pm Monday to Friday on a day that is not a public holiday in the place of receipt
26.3 This clause does not apply to the service of any proceedings or other documents in any legal action or, where applicable, any arbitration or other method of dispute resolution.
27. GOVERNING LAW
This Agreement and any dispute or claim (including non-contractual disputes or claims) arising out of or in connection with it or its subject matter or formation shall be governed by and construed in accordance with the law of the Republic of Cyprus.
Each party irrevocably agrees that the courts of the Republic of Cyprus shall have exclusive jurisdiction to settle any dispute or claim (including non-contractual disputes or claims) arising out of or in connection with this Agreement or its subject matter or formation.
[signature page will follow]
The Parties have caused this Agreement to be executed by their duly authorized officers, all as of the day and year first above written.
Signed by [NAME OF DIRECTOR] [SP2] for and on behalf of PAYCOMCY LIMITED
Signed by [NAME OF DIRECTOR] for and on behalf of [NAME OF PARTY 2]
[SP1]Merchant to add his email here
[SP2]Yellow parts to be filled by Merchant